Case 20: Blockchain Can Give User Authentication and Authorization

User authorization in blockchains is performed using public key cryptography. In the simplest case, blockchain-based assets are bearer assets; i.e., the ownership of an asset is determined by the knowledge of a private key. Two-factor authentication or other security measures comparable to those of centralized e-money systems could be implemented by using dedicated wallet services. A Bitcoinlike blockchain scripting language could allow both custodial and non-custodial wallets (e.g., implemented with the help of 2-of-3 multisignature scheme). Security properties of public key cryptography could be boosted by the use of specialized hardware wallets for signing transactions. Overall, blockchain infrastructure provides security decentralization and eliminates single points of failure inherent to centralized e-money ledgers.

In order to maintain user privacy, blockchain users could utilize hierarchical deterministic wallets and the pay-to-contract protocol, which allow for the creation of publicly unlinkable addresses supporting on-demand auditing. Transaction amounts could be masked using range proofs. In the case of more complex transaction models, e.g. for smart contracts, zero-knowledge proofs and secure multi-party computations could be used in order to execute contracts while not disclosing data to any of computers (see, e.g., Enigma project and Zerocash).

As blockchain infrastructure provides a complete time ordering of events, it could be used to implement decentralized public key infrastructure (PKI), which would link identities of persons and entities to their public keys. Public key infrastructure could be organized as a part of the blockchain specification, or as a separate overlay protocol (similar to colored coin protocols). PKI would allow for legally recognized value transfer and asset issuance.